Chef – Making https:// happen

When using Web Speech API, Chrome asks you for a permission to use your microphone – every single time. Only way out of it is to have your website secured by SSL. Today I will share how I easily did that.

This was my first experience setting up a SSL encryption to a website. So what is a SSL encryption? SSL is a layer of security, which uses encryption (nobody can read the data just “off the air”) and authentication (not just anybody can decrypt the data). Every time you go to the website of your bank, you might see a green lock in your address bar of a browser. That means that the website you’re on is secured via SSL and the certificate it uses is trusted.

How does SSL work?

When somebody opens a browser and goes to a SSL protected site, he enters the address (with https://). He then receives a SSL certificate and a public key from the server.

Public and private keys are a great idea that help information to be secure. They always work in a pair – certain TOP SECRET information can be encrypted by a public key, so that it only can be decrypted with the private key. If browser has the public key, whatever he encrypts by it can be only decrypted by the server afterwards – only the server has the private key.

First step of SSL communication

After the browser has the certificate and it verifies it (so that it knows it can trust that one), browser’s happy to start communicating with the server – encrypting the communication by the server’s public key, which is accessible to anyone.

Second step of SSL communication

How to get a SSL Certificate & keys

SSL Certificates are issued by companies who check your background, verify your domain and so on. I used a 1-year free certificate from StartSSL and I had a good experience with them – support is great. On my hosting by Savana, I read a tutorial on securing my site with SSL which helped me a lot. You need to create a CRT (Certficate Request) – by using terminal. There are plenty of tutorials online if you’re after it 🙂

Once your certificate is ready, you usually receive your public key and certificate itself, which you input in your hosting/server administration. Your private key is generated when you’re creating the .CRT file, so keep it safe.

After I deployed my SSL certificate and it started fully working, I no longer need to authorize the microphone use again – Chrome trusts the website on which my prototype is hosted and it doesn’t ask for anymore permission. Great!